Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

Howdy! I'm finding RLS Policy's to be the most challenging part of building on Supabase. Any tips for debugging and/or speeding up the feedback loop?

For example, I read somewhere in my research that policy expressions can be thought of as AND clauses to your app query. I got excited, promptly wrote the query I needed, but it didn't work inside my policy. 🤷‍♂️

For select policies that's how it works, can you show an example of what you did?

I tend to write my policy queries inside of postgres functions, this way I can easily test them if they work on their own and then use them inside of policies.

Where my projects table looks like this:

```sql
CREATE TABLE "public"."projects" (
    "id" uuid NOT NULL DEFAULT uuid_generate_v4(),
    "title" text,
    "track_count" int2 DEFAULT '0'::smallint,
    "is_active" bool DEFAULT true,
    "is_deleted" bool DEFAULT false,
    "updated_at" timestamptz DEFAULT (now() AT TIME ZONE 'utc'::text),
    "created_at" timestamptz DEFAULT (now() AT TIME ZONE 'utc'::text),
    "created_by" uuid,
    CONSTRAINT "projects_created_by_fkey" FOREIGN KEY ("created_by") REFERENCES "auth"."users"("id"),
    PRIMARY KEY ("id")
);
```

Here's my test query:

```sql
select * from projects
where is_active = true
AND id IN (
    select project_id
    from collaborators
    where user_id = '3932c061-b49a-42f8-9d6a-435c0383d00e'
)
```

The table `collaborators` is a basic many-to-many, and I replace the user_id string with `auth.uid()` in my policy.

Happy to report I figured it out. I was so focused on my `projects` table policy being the problem that I didn't look at my `collaborators` table policies. Only had an INSERT policy there, so added a SELECT policy and voila.